diff --git a/app/Core/User/UserSession.php b/app/Core/User/UserSession.php
index 9c49850ab..808346de4 100644
--- a/app/Core/User/UserSession.php
+++ b/app/Core/User/UserSession.php
@@ -44,6 +44,10 @@ class UserSession extends Base
         $user['is_ldap_user'] = isset($user['is_ldap_user']) ? (bool) $user['is_ldap_user'] : false;
         $user['twofactor_activated'] = isset($user['twofactor_activated']) ? (bool) $user['twofactor_activated'] : false;
 
+        if (session_status() === PHP_SESSION_ACTIVE) {
+            session_regenerate_id(true);
+        }
+
         session_set('user', $user);
         session_set('postAuthenticationValidated', false);
     }